Associate Application Security Engineer - New York
New York, NY, US
At Fitch, we have an open culture where employees are able to exchange ideas and perspectives throughout the organization, irrespective of their seniority. Your voice will be heard, allowing you to have a real impact. We embrace diversity and appreciate authenticity, encouraging an environment where employees can be their true selves. Our inclusive and progressive approach helps us to keep a balanced perspective. Fitch is also committed to supporting its employees by advancing conversations around diversity, equity and inclusion. Fitch’s Employee Resource Groups (ERGs) have been established by employees who have joined together as a workplace community based on similar backgrounds or life experiences. Fitch’s ERGs are available to connect employees with others within the organization to offer professional and personal support.
With our expertise, we are not only creating data and information, but also producing timely insights from every angle to influence decision making in this ever-changing and highly competitive market. We have a relentless hunger to innovate and unlock the power of human insights and to drive value for our customers. There has never been a better time to make an impact and we invite you to join us on this journey.
Fitch Ratings is a leading provider of credit ratings, commentary and research. Dedicated to providing value beyond the rating through independent and prospective credit opinions, Fitch Ratings offers global perspectives shaped by strong local market experience and credit market expertise. The additional context, perspective and insights we provide have helped fund a century of growth and enable you to make important credit judgments with confidence.
Associate Application Security Engineer
We are seeking a highly motivated and detail-oriented associate application security engineer to join our team in Chicago or New York City.
In this role, you will be responsible for ensuring the security of our software and systems through a variety of tasks, including conducting security assessments, writing and reviewing code, and responding to security incidents and threats. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused. You will work closely with development and IT teams to identify and address security vulnerabilities and implement security controls, policies, and procedures.
What We Offer:
- Application Security is responsible for building out and maintaining the application security program that includes application security testing, penetration testing, application security standards, developer training, and application security vulnerability management.
- The group is part of the wider Technology Risk Group.
We’ll Count on You To:
- Conduct security assessments to identify vulnerabilities in software and systems
- Write and review code to ensure it follows secure coding practices
- Analyze security vulnerabilities to identify appropriate mitigation and remediation actions
- Collaborate with development teams to incorporate security best practices into the software development life cycle
- Aid with administrative maintenance of SAST, SCA, and vulnerability management tools
- Work with the cloud platform teams to implement SAST, DAST, and SCA tools into the service lifecycle
- Help with the expansion of the use of the SCA tool to identify vulnerabilities in open-source components in Fitch’s applications
- Coordinate penetration tests with development teams and testers
- Assist with executing the application security vulnerability management processes, including utilizing automation to reduce the human workload
- Analyze and respond to security incidents and threats
- Participate in the design and implementation of security controls, policies, and procedures
- Research and stay up-to-date on the latest security trends and technologies
- Work with the different development teams to onboard applications to our application security program, utilizing project management skills
What You Need to Have:
- Bachelor's degree in Computer Science, Information Technology, or a related field
- 0-2 years of experience in application security or a related field
- Strong understanding of computer science and security principles
- Proficiency in programming languages (Java, Python, JavaScript, etc.)
- Understanding of network and web protocols
- Familiarity with how continuous integration and continuous deployment (CI/CD) processes work and knowledge of different CI/CD tools (Bamboo, Jenkins, Azure DevOps, AWS Code Deploy)
- Experience working with different version control software (Git, Subversion) and knowledge of different source code management tools (GitHub, Bitbucket)
- Excellent problem-solving and communication skills
- Familiarity with SAST, DAST, and SCA tools and analyzing the results from the tools to help development teams understand and prioritize the vulnerabilities
- Intellectual curiosity: demonstrates a thirst to understand current application security risks in the industry and how to protect against them
- Thinks analytically: applies methodologies appropriately and insightfully in reaching structured decisions
- Teamwork: able to work collaboratively as part of a multi-cultural and multi-location team
- Self-starter: able to work independently where required
- Can cope with time pressure and deadlines
- Pays close attention to detail
- Communicates effectively
- Project management mindset in carrying out initiatives
What Would Make You Stand Out:
- Familiarity with applications hosted in Microsoft Azure, AWS and other cloud providers
- Ability to understand different cryptography algorithms and measures to secure applications and data
- Understanding of DevOps background in public and private clouds
- Experience in writing application security documentation (policies, standards, procedures, etc.)
- Certifications: Associate of ISC2, GCSA, GWEB, CEH, CSSLP, CASE, etc.
- Able to resolve conflict constructively
- Carries out work in an organized manner
Why Fitch?
At Fitch Group, the combined power of our global perspectives is what differentiates us. Our global network of colleagues comes together to accomplish things greater than they ever could alone.
Every team member is essential to our business and each perspective is critical to our success. We embrace a diverse culture that encourages a free exchange of ideas, guaranteeing your voice will be heard and your work will have an impact, regardless of seniority.
We are building incredible things at Fitch and we invite you to join us on our journey.
Fitch Group is a global leader in financial information services with operations in more than 30 countries. Wholly owned by the Hearst Corporation, we are comprised of three main businesses: Fitch Ratings | Fitch Solutions | Fitch Learning.
For more information please visit our websites: www.fitchratings.com | www.fitchsolutions.com | www.fitchlearning.com
Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interest or any appearance of a conflict of interest. Should you be successful in the recruitment process at Fitch Ratings you will be asked to declare any securities holdings and other potential conflicts prior to commencing employment. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work.
Fitch is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.
FOR NEW YORK AND CALIFORNIA ROLES ONLY: Expected base pay rates for the role will be between $95,000 and $120,000. Actual salaries will be determined on an individualized basis and may vary based on factors including but not limited to education, training, experience, past performance, and other job-related factors. Base pay is one part of Fitch’s total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, long-term incentives, and other benefits sponsored by Fitch.